bcrypt's Introduction

bcrypt

Acceptable password hashing for your software and your servers (but you should really use argon2id or scrypt)

Installation

To install bcrypt, simply:

$ pip install bcrypt

Note that bcrypt should build very easily on Linux provided you have a C compiler and a Rust compiler (the minimum supported Rust version is 1.56.0).

For Debian and Ubuntu, the following command will ensure that the required dependencies are installed:

$ sudo apt-get install build-essential cargo

For Fedora and RHEL-derivatives, the following command will ensure that the required dependencies are installed:

$ sudo yum install gcc cargo

For Alpine, the following command will ensure that the required dependencies are installed:

$ apk add --update musl-dev gcc cargo

Alternatives

While bcrypt remains an acceptable choice for password storage, depending on your specific use case you may also want to consider using scrypt (either via standard library or cryptography) or argon2id via argon2_cffi.

Changelog

4.1.3

  • Bump Rust dependency versions

4.1.2

  • Publish both py37 and py39 wheels. This should resolve some errors relating to initializing a module multiple times per process.

4.1.1

  • Fixed the type signature on the kdf method.
  • Fixed packaging bug on Windows.
  • Fixed incompatibility with passlib package detection assumptions.

4.1.0

  • Dropped support for Python 3.6.
  • Bumped MSRV to 1.64. (Note: Rust 1.63 can be used by setting the BCRYPT_ALLOW_RUST_163 environment variable)

4.0.1

  • We now build PyPy manylinux wheels.
  • Fixed a bug where passing an invalid salt to checkpw could result in a pyo3_runtime.PanicException. It now correctly raises a ValueError.

4.0.0

  • bcrypt is now implemented in Rust. Users building from source will need to have a Rust compiler available. Nothing will change for users downloading wheels.
  • We no longer ship manylinux2010 wheels. Users should upgrade to the latest pip to ensure this doesn’t cause issues downloading wheels on their platform. We now ship manylinux_2_28 wheels for users on new enough platforms.
  • NUL bytes are now allowed in inputs.

3.2.2

  • Fixed packaging of py.typed files in wheels so that mypy works.

3.2.1

  • Added support for compilation on z/OS
  • The next release of bcrypt will be 4.0 and it will require Rust at compile time, for users building from source. There will be no additional requirement for users who are installing from wheels. Users on most platforms will be able to obtain a wheel by making sure they have an up to date pip. The minimum supported Rust version will be 1.56.0.
  • This will be the final release for which we ship manylinux2010 wheels. Going forward the minimum supported manylinux ABI for our wheels will be manylinux2014. The vast majority of users will continue to receive manylinux wheels provided they have an up to date pip.

3.2.0

  • Added typehints for library functions.
  • Dropped support for Python versions less than 3.6 (2.7, 3.4, 3.5).
  • Shipped abi3 Windows wheels (requires pip >= 20).

3.1.7

  • Set a setuptools lower bound for PEP517 wheel building.
  • We no longer distribute 32-bit manylinux1 wheels. Continuing to produce them was a maintenance burden.

3.1.6

  • Added support for compilation on Haiku.

3.1.5

  • Added support for compilation on AIX.
  • Dropped Python 2.6 and 3.3 support.
  • Switched to using abi3 wheels for Python 3. If you are not getting a wheel on a compatible platform please upgrade your pip version.

3.1.4

  • Fixed compilation with mingw and on illumos.

3.1.3

  • Fixed a compilation issue on Solaris.
  • Added a warning when using too few rounds with kdf.

3.1.2

  • Fixed a compile issue affecting big endian platforms.
  • Fixed invalid escape sequence warnings on Python 3.6.
  • Fixed building in non-UTF8 environments on Python 2.

3.1.1

  • Resolved a UserWarning when used with cffi 1.8.3.

3.1.0

  • Added support for checkpw, a convenience method for verifying a password.
  • Ensure that you get a $2y$ hash when you input a $2y$ salt.
  • Fixed a regression where $2a hashes were vulnerable to a wraparound bug.
  • Fixed compilation under Alpine Linux.

3.0.0

  • Switched the C backend to code obtained from the OpenBSD project rather than openwall.
  • Added support for bcrypt_pbkdf via the kdf function.

2.0.0

  • Added support for an adjustable prefix when calling gensalt.
  • Switched to CFFI 1.0+

Usage

Password Hashing

Hashing and then later checking that a password matches the previous hashed password is very simple:

>>> import bcrypt
>>> password = b"super secret password"
>>> # Hash a password for the first time, with a randomly-generated salt
>>> hashed = bcrypt.hashpw(password, bcrypt.gensalt())
>>> # Check that an unhashed password matches one that has previously been
>>> # hashed
>>> if bcrypt.checkpw(password, hashed):
...     print("It Matches!")
... else:
...     print("It Does not Match :(")

KDF

As of 3.0.0 bcrypt now offers a kdf function which does bcrypt_pbkdf. This KDF is used in OpenSSH's newer encrypted private key format.

>>> import bcrypt
>>> key = bcrypt.kdf(
...     password=b'password',
...     salt=b'salt',
...     desired_key_bytes=32,
...     rounds=100)

Adjustable Work Factor

One of bcrypt's features is an adjustable logarithmic work factor. To adjust the work factor, pass the desired number of rounds to bcrypt.gensalt(rounds=12) (the default is 12):

>>> import bcrypt
>>> password = b"super secret password"
>>> # Hash a password for the first time, with a certain number of rounds
>>> hashed = bcrypt.hashpw(password, bcrypt.gensalt(14))
>>> # Check that an unhashed password matches one that has previously been
>>> #   hashed
>>> if bcrypt.checkpw(password, hashed):
...     print("It Matches!")
... else:
...     print("It Does not Match :(")

Adjustable Prefix

Another one of bcrypt's features is an adjustable prefix to let you define what libraries you'll remain compatible with. To adjust this, pass either 2a or 2b (the default) to bcrypt.gensalt(prefix=b"2b") as a bytes object.

As of 3.0.0 the $2y$ prefix is still supported in hashpw but deprecated.
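
Both the work factor and the prefix are recorded in every stored hash, so a login path can read them back and decide whether a hash should be regenerated under current settings. The following is an added example, not code from the bcrypt project: parse_bcrypt_hash, needs_rehash, relative_cost, make_sample and the sample salt and digest are constructed for illustration and use only the standard library.

```python
import re
from typing import NamedTuple

# Layout of a bcrypt hash string: $<prefix>$<cost>$<22-char salt><31-char digest>
# Salt and digest both use bcrypt's own base64 alphabet (./A-Za-z0-9).
_BCRYPT_HASH = re.compile(
    rb"\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)

MIN_ROUNDS, MAX_ROUNDS = 4, 31  # range accepted for the log2 work factor


class BcryptHash(NamedTuple):
    prefix: bytes
    rounds: int
    salt: bytes
    digest: bytes


def parse_bcrypt_hash(stored: bytes) -> BcryptHash:
    """Split a stored hash into its fields, rejecting malformed input."""
    match = _BCRYPT_HASH.fullmatch(stored)
    if match is None:
        raise ValueError("not a well-formed bcrypt hash")
    prefix, cost, salt, digest = match.groups()
    rounds = int(cost)
    if not MIN_ROUNDS <= rounds <= MAX_ROUNDS:
        raise ValueError(f"work factor {rounds} outside {MIN_ROUNDS}..{MAX_ROUNDS}")
    return BcryptHash(prefix, rounds, salt, digest)


def relative_cost(old_rounds: int, new_rounds: int) -> float:
    """The work factor is logarithmic: each +1 doubles the hashing time."""
    return 2.0 ** (new_rounds - old_rounds)


def needs_rehash(stored: bytes, target_rounds: int = 12,
                 target_prefix: bytes = b"2b") -> bool:
    """True when a hash is weaker than, or formatted differently from, policy.

    The defaults mirror gensalt's defaults described above (assumed policy).
    """
    parsed = parse_bcrypt_hash(stored)
    return parsed.rounds < target_rounds or parsed.prefix != target_prefix


# Constructed sample fields: correct shape only, not the hash of any password.
SAMPLE_SALT = b"abcdefghijklmnopqrstuv"             # 22 characters
SAMPLE_DIGEST = b"0123456789ABCDEFGHIJKLMNOPQRSTU"  # 31 characters


def make_sample(prefix: bytes, rounds: int) -> bytes:
    """Assemble a syntactically valid hash string for the checks below."""
    return b"$" + prefix + b"$" + b"%02d" % rounds + b"$" + SAMPLE_SALT + SAMPLE_DIGEST


if __name__ == "__main__":
    for prefix, rounds in [(b"2b", 12), (b"2b", 10), (b"2y", 12), (b"2a", 14)]:
        stored = make_sample(prefix, rounds)
        print(stored.decode(), "-> rehash:", needs_rehash(stored))
    print("cost 14 vs 12:", relative_cost(12, 14), "x the hashing time")
```

After a successful checkpw, a True result from needs_rehash is the point at which to call hashpw again with the current gensalt settings and store the new value.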

Maximum Password Length

The bcrypt algorithm only handles passwords up to 72 characters; any characters beyond that are ignored. To work around this, a common approach is to hash the password with a cryptographic hash (such as sha256) and then base64-encode the digest, which prevents NULL byte problems, before hashing the result with bcrypt:

>>> import base64
>>> import hashlib
>>> import bcrypt
>>> password = b"an incredibly long password" * 10
>>> hashed = bcrypt.hashpw(
...     base64.b64encode(hashlib.sha256(password).digest()),
...     bcrypt.gensalt()
... )

Compatibility

This library should be compatible with py-bcrypt and it will run on Python 3.6+, and PyPy 3.

Security

bcrypt follows the same security policy as cryptography: if you identify a vulnerability, we ask you to contact us privately.

bcrypt's Issues

AttributeError: 'module' object has no attribute 'ffi'

Can anyone help shed some light on this error? I don't experience any issues if I run my application locally or on an Ubuntu instance. However, when deploying via AWS Beanstalk I get this error.

File "/opt/python/run/venv/lib64/python2.7/site-packages/bcrypt/__init__.py", line 82, in hashpw
hashed = _bcrypt.ffi.new("char[]", 128)
AttributeError: 'module' object has no attribute 'ffi'

Any suggestion much appreciated.

FYI - I have bcrypt==3.1.2 installed.

Unable to cross compile due to cffi

===>  Compiling for bcrypt
running build
Traceback (most recent call last):
  File "setup.py", line 255, in <module>
    **keywords_with_side_effects(sys.argv)
  File "/home/spksrc/spksrc/spk/python/work-88f6281-4.3/Python-2.7.8/Lib/distutils/core.py", line 151, in setup
    dist.run_commands()
  File "/home/spksrc/spksrc/spk/python/work-88f6281-4.3/Python-2.7.8/Lib/distutils/dist.py", line 953, in run_commands
    self.run_command(cmd)
  File "/home/spksrc/spksrc/spk/python/work-88f6281-4.3/Python-2.7.8/Lib/distutils/dist.py", line 971, in run_command
    cmd_obj.ensure_finalized()
  File "/home/spksrc/spksrc/spk/python/work-88f6281-4.3/Python-2.7.8/Lib/distutils/cmd.py", line 109, in ensure_finalized
    self.finalize_options()
  File "setup.py", line 36, in finalize_options
    self.distribution.ext_modules = get_ext_modules()
  File "setup.py", line 21, in get_ext_modules
    from bcrypt import _ffi
  File "/home/spksrc/spksrc/spk/python/work-88f6281-4.3/bcrypt-1.1.0/bcrypt/__init__.py", line 97, in <module>
    _ffi = FFI()
  File "/home/spksrc/spksrc/spk/python/work-88f6281-4.3/bcrypt-1.1.0/.eggs/cffi-0.8.6-py2.7-linux-i686.egg/cffi/api.py", line 56, in __init__
    import _cffi_backend as backend
ImportError: /home/spksrc/spksrc/spk/python/work-88f6281-4.3/bcrypt-1.1.0/.eggs/cffi-0.8.6-py2.7-linux-i686.egg/_cffi_backend.so: cannot open shared object file: No such file or directory
make[2]: *** [compile_python_module] Erreur 1

Same issue as here: pyca/pyopenssl#157
Root cause here: pyca/cryptography#1325

bcrypt with pypy error

Latest stable pypy version, bcrypt installed via pip, running on Win7 64bit:

C:\Users\...snip...>pypy
Python 3.2.5 (b2091e973da6, Oct 19 2014, 21:25:51)
[PyPy 2.4.0 with MSC v.1500 32 bit] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>>> import bcrypt
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "C:\Program Files (x86)\pypy3-2.4.0-win32\site-packages\bcrypt\__init__.py", line 23, in <module>
    from bcrypt import _bcrypt
ImportError: cannot import name '_bcrypt'

I've compared the pypy site-packages/bcrypt directory with the corresponding python site-packages/bcrypt, and the python directory has a file _bcrypt.pyd which is not present under pypy.

Any idea?

Thanks!

3.1.3 does not build on illumos, but master (as of 3c3a2ce) is OK

Hello,

I am wondering if there will be a release to publish the fix of #116 (Fixes link editing errors in msys / mingw64), which also fixes a build on illumos.

My tests to show that master builds while 3.1.3 does not build:

$ git checkout 3.1.3 # (in a bcrypt checkout)
$ python setup.py build
...
In file included from src/_csrc/bcrypt.c:41:
src/_csrc/pycabcrypt.h:18: error: redefinition of typedef 'u_int8_t'
src/_csrc/pycabcrypt.h:18: note: previous declaration of 'u_int8_t' was here
src/_csrc/pycabcrypt.h:19: error: redefinition of typedef 'u_int16_t'
src/_csrc/pycabcrypt.h:19: note: previous declaration of 'u_int16_t' was here
src/_csrc/pycabcrypt.h:20: error: redefinition of typedef 'u_int32_t'
src/_csrc/pycabcrypt.h:20: note: previous declaration of 'u_int32_t' was here
src/_csrc/pycabcrypt.h:21: error: redefinition of typedef 'u_int64_t'
src/_csrc/pycabcrypt.h:21: note: previous declaration of 'u_int64_t' was here
...
$ git checkout master
$ git clean -x -d -f
$ python setup.py build
...
... (NO BUILD ERRORS)
...
$ ls -l build/lib.solaris-2.11-i86pc.64bit-2.7/bcrypt/64/_bcrypt.so
-rwxr-xr-x 1 me staff 90160 Sep 24 13:34 build/lib.solaris-2.11-i86pc.64bit-2.7/bcrypt/64/_bcrypt.so

Pip install failed (Ubuntu)

Hey,

I'm trying to install bcrypt on Ubuntu 14.04, running the "[sudo] pip install bcrypt" command in terminal, but I keep getting the following error:

Command python setup.py egg_info failed with error code 1 in /tmp/pip_build_user/bcrypt
Storing debug log for failure in /home/user/.pip/pip.log

The error doesn't occur when I try to install other packages via pip, only with this one.
Does anyone know what I should do? Any help appreciated.

FFI dependency not properly handled during install

If cffi is not present, bcrypt still installs successfully. However, the FFI backend library /usr/local/lib/python2.7/dist-packages/_cffi_677459_d17cc0.so does not get built. As a result, attempting to use the bcrypt module results in the following error:

[...]
    import bcrypt as _bcrypt
  File "/usr/local/lib/python2.7/dist-packages/bcrypt/__init__.py", line 71, in <module>
    ).hexdigest()[:6],
  File "/usr/local/lib/python2.7/dist-packages/cffi/api.py", line 340, in verify
    lib = self.verifier.load_library()
  File "/usr/local/lib/python2.7/dist-packages/cffi/verifier.py", line 73, in load_library
    self._write_source()
  File "/usr/local/lib/python2.7/dist-packages/cffi/verifier.py", line 125, in _write_source
    file = open(self.sourcefilename, 'w')
IOError: [Errno 2] No such file or directory: '/usr/local/lib/python2.7/dist-packages/bcrypt/__pycache__/_cffi_677459_d17cc0.c'

Suggestion: If cffi is not present, either raise an exception and fail the installation (don't mask the error), or fix the recovery code (except ImportError:) so that the FFI extension gets properly built.

Workaround for this bug:
Users should update their requirements file so that cffi is installed before bcrypt.

faster with hashpw or checkpw

Hi,

I would like to know if there is a way to do hashpw or checkpw faster. I am a beginner in hashing and encryption, and would like to learn it. This is my current code:

import datetime
import bcrypt

encodedPassword = str(userAuthInfo['password']).encode('utf-8')
db1start = datetime.datetime.now()
check = bcrypt.checkpw(encodedPassword, DBHashedPassword.encode('utf-8'))
# .microseconds is only the sub-second part of the elapsed timedelta
print((datetime.datetime.now() - db1start).microseconds)

From a couple of trials, it took around 400 to 600 milliseconds to do it. Is there a way to do it faster?
What login function time is acceptable for a RESTful app?
Thank you

import bcrypt error

>>> import bcrypt
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File ".../venv/lib/python2.7/site-packages/bcrypt/__init__.py", line 23, in <module>
    from bcrypt import _bcrypt
ImportError: dlopen(.../venv/lib/python2.7/site-packages/_cffi_backend.so, 2): Symbol not found: _PyUnicodeUCS2_AsASCIIString
  Referenced from: .../venv/lib/python2.7/site-packages/_cffi_backend.so
  Expected in: flat namespace
 in ...venv/lib/python2.7/site-packages/_cffi_backend.so

This might be an issue with cffi but I figured I would post something here in case anyone has ever run into it. I get the same error when running my project, but I get the same error (as above) when simply activating the virtualenv, running a Python shell and trying as above.
This is 2.7.11 using pyenv and virtualenv on Mac OS X 10.11.4.
I have libffi installed via brew.
I have tried cleaning, rebuilding, reinstalling, environment variables, and more for the last four hours and cannot get past this error.

ImportError: cannot import name '_bcrypt'

This error appears when I add "import bcrypt" to my Django project. When I run "import bcrypt" in IDLE, it works. I don't know what this is or where I made a mistake.

Error when deploy on openshift

I'm getting this error when I'm trying to deploy my application to OpenShift. It works locally but not in production. Any thoughts about the possible issue?

warning: push.default is unset; its implicit value is changing in
Git 2.0 from 'matching' to 'simple'. To squelch this message
and maintain the current behavior after the default changes, use:
git config --global push.default matching
To squelch this message and adopt the new behavior now, use:
git config --global push.default simple
See 'git help config' and search for 'push.default' for further information.
(the 'simple' mode was introduced in Git 1.7.11. Use the similar mode
'current' instead of 'simple' if you sometimes use older versions of Git)
Warning: Permanently added 'service-rdygo.rhcloud.com' (RSA) to the list of known hosts.
Counting objects: 9, done.
Delta compression using up to 32 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (5/5), 405 bytes | 0 bytes/s, done.
Total 5 (delta 1), reused 4 (delta 0)
remote: CLIENT_RESULT: Application is already stopped.
remote: Building git ref 'master', commit d16178c
remote: npm WARN package.json [email protected] No repository field.
remote:
remote: > [email protected] install /var/lib/openshift/574e41b47628e1e93d000024/app-root/runtime/repo/node_modules/bcrypt
remote: > node-gyp rebuild
remote:
remote: gyp WARN EACCES user "undefined" does not have permission to access the dev dir "/var/lib/openshift/574e41b47628e1e93d000024/.node-gyp/5.11.1"
remote: gyp WARN EACCES attempting to reinstall using temporary dev dir "/tmp/.node-gyp"
remote: gyp: /tmp/.node-gyp/5.11.1/common.gypi not found (cwd: /var/lib/openshift/574e41b47628e1e93d000024/app-root/runtime/repo/node_modules/bcrypt) while reading includes of binding.gyp while trying to load binding.gyp
remote: gyp ERR! configure error
remote: gyp ERR! stack Error: gyp failed with exit code: 1
remote: gyp ERR! stack at ChildProcess.onCpExit (/var/lib/openshift/574e41b47628e1e93d000024/app-root/data/.nodejs/lib/node_modules/npm/node_modules/node-gyp/lib/configure.js:305:16)
remote: gyp ERR! stack at emitTwo (events.js:100:13)
remote: gyp ERR! stack at ChildProcess.emit (events.js:185:7)
remote: gyp ERR! stack at Process.ChildProcess._handle.onexit (internal/child_process.js:204:12)
remote: gyp ERR! System Linux 2.6.32-573.22.1.el6.x86_64
remote: gyp ERR! command "/var/lib/openshift/574e41b47628e1e93d000024/app-root/data/.nodejs/bin/node" "/var/lib/openshift/574e41b47628e1e93d000024/app-root/data/.nodejs/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
remote: gyp ERR! cwd /var/lib/openshift/574e41b47628e1e93d000024/app-root/runtime/repo/node_modules/bcrypt
remote: gyp ERR! node -v v5.11.1
remote: gyp ERR! node-gyp -v v3.3.1
remote: gyp ERR! not ok
remote: npm WARN [email protected] No repository field.
remote: npm ERR! Linux 2.6.32-573.22.1.el6.x86_64
remote: npm ERR! argv "/var/lib/openshift/574e41b47628e1e93d000024/app-root/data/.nodejs/bin/node" "/var/lib/openshift/574e41b47628e1e93d000024/app-root/data/.nodejs/bin/npm" "i" "--production"
remote: npm ERR! node v5.11.1
remote: npm ERR! npm v3.9.5
remote: npm ERR! code ELIFECYCLE
remote:
remote: npm ERR! [email protected] install: node-gyp rebuild
remote: npm ERR! Exit status 1
remote: npm ERR!
remote: npm ERR! Failed at the [email protected] install script 'node-gyp rebuild'.
remote: npm ERR! Make sure you have the latest version of node.js and npm installed.
remote: npm ERR! If you do, this is most likely a problem with the bcrypt package,
remote: npm ERR! not with npm itself.
remote: npm ERR! Tell the author that this fails on your system:
remote: npm ERR! node-gyp rebuild
remote: npm ERR! You can get information on how to open an issue for this project with:
remote: npm ERR! npm bugs bcrypt
remote: npm ERR! Or if that isn't available, you can get their info via:
remote: npm ERR! npm owner ls bcrypt
remote: npm ERR! There is likely additional logging output above.
remote:
remote: npm ERR! Please include the following file with any support request:
remote: npm ERR! /var/lib/openshift/574e41b47628e1e93d000024/app-root/runtime/repo/npm-debug.log
remote: CLIENT_RESULT: Node.js modules installed.
remote: Preparing build for deployment
remote: Deployment id is 8d345043
remote: Activating deployment
remote: CLIENT_MESSAGE: Starting Node.js application...
remote: CLIENT_RESULT: Node.js application started.
remote: -------------------------
remote: Git Post-Receive Result: success
remote: Activation status: success
remote: Deployment completed with status: success
To ssh://[email protected]/~/git/service.git/
f1c0e2d..d16178c master -> master
Already up-to-date!
HEAD detached at d16178c
Untracked files:
(use "git add ..." to include in what will be committed)

.dpl/

nothing added to commit but untracked files present (use "git add" to track)
Dropped refs/stash@{0} (7f1252c885d8fce26f9ddf389d6729ff9274dbc8)
Done. Your build exited with 0.

Here is the entire log in Travis: https://travis-ci.org/Minisis/RdyGo-service/builds/136858633

testsuite absent

The setup.py is filled with references to the testsuite and designates pytest as a test runner, despite the tests folder being absent from the tarball.

Document OS X installation

Note: Issue exists on bcrypt as well.

@reaperhulk: "We implicitly assume our OS X users already have a compiler and the ffi headers (xcode-select --install). This is sometimes an unsafe assumption, especially as our project gets more popular. Let's document how to install on OS X."

The specific error code snippet is below. It fails on the cffi dependency.

c/_cffi_backend.c:13:10: fatal error: 'ffi.h' file not found
#include <ffi.h>
         ^
1 error generated.
error: command 'cc' failed with exit status 1

Reproduced from: pyca/cryptography#1700

setup doesn't complete all necessary compiling

Here's the stacktrace:

Traceback (most recent call last):
  File "/sites/metrics_dev/env/lib/python3.4/site-packages/PasteDeploy-1.5.2-py3.4.egg/paste/deploy/loadwsgi.py", line 247, in loadapp
    return loadobj(APP, uri, name=name, **kw)
  File "/sites/metrics_dev/env/lib/python3.4/site-packages/PasteDeploy-1.5.2-py3.4.egg/paste/deploy/loadwsgi.py", line 271, in loadobj
    global_conf=global_conf)
  File "/sites/metrics_dev/env/lib/python3.4/site-packages/PasteDeploy-1.5.2-py3.4.egg/paste/deploy/loadwsgi.py", line 296, in loadcontext
    global_conf=global_conf)
  File "/sites/metrics_dev/env/lib/python3.4/site-packages/PasteDeploy-1.5.2-py3.4.egg/paste/deploy/loadwsgi.py", line 320, in _loadconfig
    return loader.get_context(object_type, name, global_conf)
  File "/sites/metrics_dev/env/lib/python3.4/site-packages/PasteDeploy-1.5.2-py3.4.egg/paste/deploy/loadwsgi.py", line 454, in get_context
    section)
  File "/sites/metrics_dev/env/lib/python3.4/site-packages/PasteDeploy-1.5.2-py3.4.egg/paste/deploy/loadwsgi.py", line 476, in _context_from_use
    object_type, name=use, global_conf=global_conf)
  File "/sites/metrics_dev/env/lib/python3.4/site-packages/PasteDeploy-1.5.2-py3.4.egg/paste/deploy/loadwsgi.py", line 406, in get_context
    global_conf=global_conf)
  File "/sites/metrics_dev/env/lib/python3.4/site-packages/PasteDeploy-1.5.2-py3.4.egg/paste/deploy/loadwsgi.py", line 296, in loadcontext
    global_conf=global_conf)
  File "/sites/metrics_dev/env/lib/python3.4/site-packages/PasteDeploy-1.5.2-py3.4.egg/paste/deploy/loadwsgi.py", line 328, in _loadegg
    return loader.get_context(object_type, name, global_conf)
  File "/sites/metrics_dev/env/lib/python3.4/site-packages/PasteDeploy-1.5.2-py3.4.egg/paste/deploy/loadwsgi.py", line 620, in get_context
    object_type, name=name)
  File "/sites/metrics_dev/env/lib/python3.4/site-packages/PasteDeploy-1.5.2-py3.4.egg/paste/deploy/loadwsgi.py", line 646, in find_egg_entry_point
    possible.append((entry.load(), protocol, entry.name))
  File "/sites/metrics_dev/env/lib/python3.4/site-packages/pkg_resources.py", line 2147, in load
    ['__name__'])
  File "/sites/metrics_dev/mainserver/__init__.py", line 17, in <module>
    from .security import (
  File "/sites/metrics_dev/mainserver/security.py", line 21, in <module>
    from .models import (
  File "/sites/metrics_dev/mainserver/models.py", line 3, in <module>
    import bcrypt
  File "/sites/metrics_dev/env/lib/python3.4/site-packages/bcrypt-1.0.2-py3.4.egg/bcrypt/__init__.py", line 71, in <module>
    ).hexdigest()[:6],
  File "/sites/metrics_dev/env/lib/python3.4/site-packages/cffi/api.py", line 341, in verify
    lib = self.verifier.load_library()
  File "/sites/metrics_dev/env/lib/python3.4/site-packages/cffi/verifier.py", line 73, in load_library
    self._write_source()
  File "/sites/metrics_dev/env/lib/python3.4/site-packages/cffi/verifier.py", line 125, in _write_source
    file = open(self.sourcefilename, 'w')
PermissionError: [Errno 13] Permission denied: '/sites/metrics_dev/env/lib/python3.4/site-packages/bcrypt-1.0.2-py3.4.egg/bcrypt/__pycache__/_cffi_677459_d17cc0.c'

Basically, I install Cython, cffi, and bcrypt (as well as other packages) as root. Then I run my project as www-data. The first time I run it I get the previous stack trace because it tries to generate a .c file in a directory with only permissions for root.

I didn't seem to have this problem with Cython==0.20.1 and cffi==0.8.2 but I do with the latest, which is Cython==0.21 and cffi==0.8.6. My version of bcrypt is unchanged between the two so if it's an issue with bcrypt it's that it needs to accommodate some change in cffi.

Please let me know if you think this is an issue better reported to cffi.

Please add a changelog.

When upgrading apps, I like to review each dependency's changelog to look for potentially breaking changes. Thanks.

Build on Solaris switches from gcc to cc

bcrypt-3.1.3
gcc 5.4.0

export CC=gcc
python setup.py 
...
gcc -DNDEBUG -fPIC -DPIC -Isrc/_csrc -I/usr/include/python2.7 -c src/_csrc/timingsafe_bcmp.c -o build/temp.solaris-2.12-i86pc.32bit-2.7/src/_csrc/timingsafe_bcmp.o
cc -G build/temp.solaris-2.12-i86pc.32bit-2.7/build/temp.solaris-2.12-i86pc.32bit-2.7/_bcrypt.o build/temp.solaris-2.12-i86pc.32bit-2.7/src/_csrc/blf.o build/temp.solaris-2.12-i86pc.32bit-2.7/src/_csrc/bcrypt.o build/temp.solaris-2.12-i86pc.32bit-2.7/src/_csrc/bcrypt_pbkdf.o build/temp.solaris-2.12-i86pc.32bit-2.7/src/_csrc/sha2.o build/temp.solaris-2.12-i86pc.32bit-2.7/src/_csrc/timingsafe_bcmp.o -L/usr/lib -lpython2.7 -o build/lib.solaris-2.12-i86pc.32bit-2.7/bcrypt/_bcrypt.so

If I execute the failing command by hand with gcc I am able to create the object

gcc -G build/temp.solaris-2.12-i86pc.32bit-2.7/build/temp.solaris-2.12-i86pc.32bit-2.7/_bcrypt.o build/temp.solaris-2.12-i86pc.32bit-2.7/src/_csrc/blf.o build/temp.solaris-2.12-i86pc.32bit-2.7/src/_csrc/bcrypt.o build/temp.solaris-2.12-i86pc.32bit-2.7/src/_csrc/bcrypt_pbkdf.o build/temp.solaris-2.12-i86pc.32bit-2.7/src/_csrc/sha2.o build/temp.solaris-2.12-i86pc.32bit-2.7/src/_csrc/timingsafe_bcmp.o -L/usr/lib -lpython2.7 -o build/lib.solaris-2.12-i86pc.32bit-2.7/bcrypt/_bcrypt.so

python setup.py build
running build
running build_py
running build_ext
generating cffi module 'build/temp.solaris-2.12-i86pc.32bit-2.7/_bcrypt.c'
already up-to-date

Determine which prefix we should use

bcrypt has had a sort of sordid history with prefixes. The original one was $2a$; however, the original implementation had a security-sensitive issue. This is fixed and $2a$ is safe now, assuming the implementation has been updated (for bcrypt it has been). However, the bcrypt library we use also supports $2y$, which is the same as $2a$ except it'll fail on older libraries which are still broken (or which just don't support the $2y$ syntax). Now there's a new version of the crypt_blowfish library which implements $2b$, which is the same as $2y$ except it's "more official" since it comes from OpenBSD 5.5+.

failed to install bcrypt

python version 2.7

user 'jenkins': installation works
pip install bcrypt
Requirement already satisfied (use --upgrade to upgrade): bcrypt in /home/jenkins/.virtualenvs/dal/lib/python2.7/site-packages
Requirement already satisfied (use --upgrade to upgrade): cffi>=1.1 in /home/jenkins/.virtualenvs/dal/lib/python2.7/site-packages (from bcrypt)
Requirement already satisfied (use --upgrade to upgrade): six>=1.4.1 in /home/jenkins/.virtualenvs/dal/lib/python2.7/site-packages (from bcrypt)
Requirement already satisfied (use --upgrade to upgrade): pycparser in /home/jenkins/.virtualenvs/dal/lib/python2.7/site-packages (from cffi>=1.1->bcrypt)

under root user:

sudo su
root@server_name:/apps/app_name# pip install bcrypt
Collecting bcrypt
  Using cached bcrypt-2.0.0.tar.gz
Requirement already satisfied (use --upgrade to upgrade): cffi>=1.1 in /usr/local/lib/python2.7/dist-packages (from bcrypt)
Requirement already satisfied (use --upgrade to upgrade): six>=1.4.1 in /usr/local/lib/python2.7/dist-packages (from bcrypt)
Requirement already satisfied (use --upgrade to upgrade): pycparser in /usr/local/lib/python2.7/dist-packages (from cffi>=1.1->bcrypt)
Installing collected packages: bcrypt
  Running setup.py install for bcrypt ... error
    Complete output from command /usr/bin/python -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-UQAoWx/bcrypt/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-BL_G1e-record/install-record.txt --single-version-externally-managed --compile:
    <module 'pycparser' from '/usr/local/lib/python2.7/dist-packages/pycparser/__init__.pyc'>
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-build-UQAoWx/bcrypt/setup.py", line 226, in <module>
        **keywords_with_side_effects(sys.argv)
      File "/usr/lib/python2.7/distutils/core.py", line 112, in setup
        _setup_distribution = dist = klass(attrs)
      File "/usr/lib/python2.7/dist-packages/setuptools/dist.py", line 225, in __init__
        _Distribution.__init__(self,attrs)
      File "/usr/lib/python2.7/distutils/dist.py", line 287, in __init__
        self.finalize_options()
      File "/usr/lib/python2.7/dist-packages/setuptools/dist.py", line 258, in finalize_options
        ep.load()(self, ep.name, value)
      File "/usr/local/lib/python2.7/dist-packages/cffi/setuptools_ext.py", line 161, in cffi_modules
        add_cffi_module(dist, cffi_module)
      File "/usr/local/lib/python2.7/dist-packages/cffi/setuptools_ext.py", line 48, in add_cffi_module
        execfile(build_file_name, mod_vars)
      File "/usr/local/lib/python2.7/dist-packages/cffi/setuptools_ext.py", line 24, in execfile
        exec(code, glob, glob)
      File "src/build_bcrypt.py", line 29, in <module>
        """
      File "/usr/local/lib/python2.7/dist-packages/cffi/api.py", line 105, in cdef
        self._cdef(csource, override=override, packed=packed)
      File "/usr/local/lib/python2.7/dist-packages/cffi/api.py", line 119, in _cdef
        self._parser.parse(csource, override=override, **options)
      File "/usr/local/lib/python2.7/dist-packages/cffi/cparser.py", line 290, in parse
        self._internal_parse(csource)
      File "/usr/local/lib/python2.7/dist-packages/cffi/cparser.py", line 295, in _internal_parse
        ast, macros, csource = self._parse(csource)
      File "/usr/local/lib/python2.7/dist-packages/cffi/cparser.py", line 230, in _parse
        csource, macros = _preprocess(csource)
      File "/usr/local/lib/python2.7/dist-packages/cffi/cparser.py", line 138, in _preprocess
        if pycparser.__version__ < '2.14':
    AttributeError: 'module' object has no attribute '__version__'

    ----------------------------------------
Command "/usr/bin/python -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-UQAoWx/bcrypt/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-BL_G1e-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-build-UQAoWx/bcrypt

tried
sudo apt-get remove build-essential libffi-dev python-dev
sudo apt-get install build-essential libffi-dev python-dev

Use your own custom salt

Hi,

I want to use bcrypt in a challenge response scheme.
For this, I need a way to set the salt myself (the idea is that the salt is the challenge given)
With PHP, this was not a problem but I do not understand how this is done here.
AFAIK the salt for a bcrypt hash should be 16 random bytes. How can I use my own salt with bcrypt in python?

with best regards,

p91

_crypt_blowfish_rn conflict

I have faced the following issue:

When I run my Python application (which uses this bcrypt library) from the shell and the application calls bcrypt.hashpw with a '2b' salt, then all works OK.

But when I run the application under Apache then bcrypt.hashpw raises an 'Invalid salt' exception.

After researching I found that a symbol name conflict occurred: Apache Portable Runtime has its own _crypt_blowfish_rn function (http://svn.apache.org/repos/asf/apr/apr/trunk/crypto/crypt_blowfish.c) which does not support '2b' hashes and which is called by crypt_rn because the libapr-1.so.0 library was loaded before _bcrypt.so.

Possible solutions are:

  • Use a unique prefix for public functions like _crypt_blowfish_rn to eliminate the name conflict
  • Make _crypt_blowfish_rn static and move it into the same C module where crypt_rn lives (wrapper.c)

Found on Apache 2.4.6, APR 1.4.8, CentOS 7, bcrypt 2.0.0

No Changelog

Hello,

AFAICT, there's no changelog for this library. As a consequence, we're unable to know what the impact(s) would be of upgrading from one version to another, especially if bumping from one major version series to another.

I think it could be great to maintain a CHANGELOG file to inform users on new features / bugfixes and eventually warn users on breaking changes.

Add bcrypt_pbkdf ?

py-bcrypt 0.4 had the bcrypt_pbkdf key derivation function which no other Python module appears to have. Since you claim compatibility with py-bcrypt ... :) nudge nudge

OpenSSH uses it when encrypting their new private key format, hence paramiko needs it to read those.
found an example here:
https://github.com/grnet/python-bcrypt

import fails with cryptic error message

Installation log and import trace with error message follow:

On Ubuntu 13:04:

sudo apt-get install libffi-dev
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
libffi-dev
0 upgraded, 1 newly installed, 0 to remove and 28 not upgraded.
Need to get 0 B/116 kB of archives.
After this operation, 304 kB of additional disk space will be used.
Selecting previously unselected package libffi-dev:amd64.
(Reading database ... 267565 files and directories currently installed.)
Unpacking libffi-dev:amd64 (from .../libffi-dev_3.0.13-2ubuntu1_amd64.deb) ...
Processing triggers for man-db ...
Processing triggers for install-info ...
Processing triggers for doc-base ...
Processing 1 added doc-base file...
Setting up libffi-dev:amd64 (3.0.13-2ubuntu1) ...
pavel@pavel-desktop:~$ sudo pip install bcrypt
Downloading/unpacking bcrypt
Downloading bcrypt-1.0.2.tar.gz (40kB): 40kB downloaded
Running setup.py egg_info for package bcrypt

Installed /tmp/pip-build-root/bcrypt/cffi-0.7.2-py2.7-linux-x86_64.egg
Searching for pycparser
Reading http://pypi.python.org/simple/pycparser/
Best match: pycparser 2.10
Downloading https://pypi.python.org/packages/source/p/pycparser/pycparser-2.10.tar.gz#md5=d87aed98c8a9f386aa56d365fe4d515f
Processing pycparser-2.10.tar.gz
Writing /tmp/easy_install-32cbWr/pycparser-2.10/setup.cfg
Running pycparser-2.10/setup.py -q bdist_egg --dist-dir /tmp/easy_install-32cbWr/pycparser-2.10/egg-dist-tmp-py5BBN
zip_safe flag not set; analyzing archive contents...

Installed /tmp/pip-build-root/bcrypt/pycparser-2.10-py2.7.egg

Downloading/unpacking cffi (from bcrypt)
Downloading cffi-0.7.2.tar.gz (175kB): 175kB downloaded
Running setup.py egg_info for package cffi

Downloading/unpacking pycparser (from cffi->bcrypt)
Downloading pycparser-2.10.tar.gz (206kB): 206kB downloaded
Running setup.py egg_info for package pycparser

Installing collected packages: bcrypt, cffi, pycparser
Running setup.py install for bcrypt
building '_cffi_677459_d17cc0' extension
x86_64-linux-gnu-gcc -pthread -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fPIC -Ibcrypt/crypt_blowfish-1.2 -I/usr/include/python2.7 -c bcrypt/pycache/_cffi_677459_d17cc0.c -o build/temp.linux-x86_64-2.7/bcrypt/pycache/_cffi_677459_d17cc0.o
x86_64-linux-gnu-gcc -pthread -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fPIC -Ibcrypt/crypt_blowfish-1.2 -I/usr/include/python2.7 -c bcrypt/crypt_blowfish-1.2/crypt_blowfish.c -o build/temp.linux-x86_64-2.7/bcrypt/crypt_blowfish-1.2/crypt_blowfish.o
x86_64-linux-gnu-gcc -pthread -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fPIC -Ibcrypt/crypt_blowfish-1.2 -I/usr/include/python2.7 -c bcrypt/crypt_blowfish-1.2/crypt_gensalt.c -o build/temp.linux-x86_64-2.7/bcrypt/crypt_blowfish-1.2/crypt_gensalt.o
x86_64-linux-gnu-gcc -pthread -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fPIC -Ibcrypt/crypt_blowfish-1.2 -I/usr/include/python2.7 -c bcrypt/crypt_blowfish-1.2/wrapper.c -o build/temp.linux-x86_64-2.7/bcrypt/crypt_blowfish-1.2/wrapper.o
x86_64-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-Bsymbolic-functions -Wl,-z,relro -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -D_FORTIFY_SOURCE=2 -g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security build/temp.linux-x86_64-2.7/bcrypt/pycache/_cffi_677459_d17cc0.o build/temp.linux-x86_64-2.7/bcrypt/crypt_blowfish-1.2/crypt_blowfish.o build/temp.linux-x86_64-2.7/bcrypt/crypt_blowfish-1.2/crypt_gensalt.o build/temp.linux-x86_64-2.7/bcrypt/crypt_blowfish-1.2/wrapper.o -o build/lib.linux-x86_64-2.7/_cffi_677459_d17cc0.so

Running setup.py install for cffi
building '_cffi_backend' extension
x86_64-linux-gnu-gcc -pthread -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fPIC -I/usr/include/python2.7 -c c/_cffi_backend.c -o build/temp.linux-x86_64-2.7/c/_cffi_backend.o
x86_64-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-Bsymbolic-functions -Wl,-z,relro -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -D_FORTIFY_SOURCE=2 -g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security build/temp.linux-x86_64-2.7/c/_cffi_backend.o -lffi -o build/lib.linux-x86_64-2.7/_cffi_backend.so

Running setup.py install for pycparser

Successfully installed bcrypt cffi pycparser
Cleaning up...

pavel@pavel-desktop:~$ python
Python 2.7.4 (default, Apr 19 2013, 18:28:01)
[GCC 4.7.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.

import bcrypt
Traceback (most recent call last):
File "", line 1, in
File "/usr/local/lib/python2.7/dist-packages/bcrypt/init.py", line 71, in
).hexdigest()[:6],
File "/usr/local/lib/python2.7/dist-packages/cffi/api.py", line 312, in verify
lib = self.verifier.load_library()
File "/usr/local/lib/python2.7/dist-packages/cffi/verifier.py", line 68, in load_library
self.compile_module()
File "/usr/local/lib/python2.7/dist-packages/cffi/verifier.py", line 55, in compile_module
self._write_source()
File "/usr/local/lib/python2.7/dist-packages/cffi/verifier.py", line 117, in _write_source
file = open(self.sourcefilename, 'w')
IOError: [Errno 2] No such file or directory: '/usr/local/lib/python2.7/dist-packages/bcrypt/pycache/_cffi_677459_d17cc0.c'

pavel@pavel-desktop:~$ ls -al /usr/local/lib/python2.7/dist-packages/bcrypt
total 28
drwxr-sr-x 3 root staff 4096 Aug 4 18:40 .
drwxrwsr-x 55 root staff 4096 Aug 4 18:40 ..
-rw-r--r-- 1 root staff 1242 Aug 4 18:40 about.py
-rw-r--r-- 1 root staff 880 Aug 4 18:40 about.pyc
drwxr-sr-x 2 root staff 4096 Aug 4 18:40 crypt_blowfish-1.2
-rw-r--r-- 1 root staff 3098 Aug 4 18:40 init.py
-rw-r--r-- 1 root staff 2515 Aug 4 18:40 init.pyc

Can't pip install

pip install bcrypt gives the following error:

Running setup.py egg_info for package bcrypt
    Traceback (most recent call last):
      File "cffi-0.6-py3.3-linux-i686.egg/cffi/vengine_cpy.py", line 121, in load_library
        self.verifier.modulefilename)
    ImportError: /home/brett/.virtualenvs/bauble.api/build/bcrypt/bcrypt/__pycache__/_cffi_677459_d17cc0.cpython-33m-i386-linux-gnu.so: undefined symbol: _BF_body_r

Ubuntu Linux 13.04
Python3 (in a virtualenv)

README.rst contains a non ascii character causing install failure with Python 3.5 Ubuntu

The tick in the string ........ (if you're not using pypy)
is not an ascii tick but is \xe2 \x80 \x99

This causes the error
File "/tmp/easy_install-dd0xuxvq/bcrypt-3.0.0/setup.py", line 195, in
File "/usr/lib/python3.5/encodings/ascii.py", line 26, in decode
return codecs.ascii_decode(input, self.errors)[0]
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 521: ordinal not in range(128)

ValueError: Invalid salt

Full exception:

Traceback (most recent call last):
  File "/opt/app/current/app/models.py", line 626, in check_password
    return bcrypt.check_password_hash(self.password, password)
  File "/opt/app/current/venv/local/lib/python2.7/site-packages/flask_bcrypt.py", line 193, in check_password_hash
    return safe_str_cmp(bcrypt.hashpw(password, pw_hash), pw_hash)
  File "/opt/app/current/venv/local/lib/python2.7/site-packages/bcrypt/__init__.py", line 66, in hashpw
    raise ValueError("Invalid salt")
ValueError: Invalid salt

bcrypt.kdf() does not actually use bcrypt

When calling bcrypt.kdf(...), the library doesn't use bcrypt. The documentation I've been able to find (the readme in this repository and on pypi) is extremely brief, but from tests I noticed it must use a completely different algorithm, which is confirmed by reading the source code.

One of bcrypt's (arguable) improvements over the older pbkdf2, is that the cost is logarithmic rather than linear. It makes a lot more sense to type 11 in your code and upgrade it to 12 at some point, compared to working with numbers like 1000000.

When using bcrypt.kdf however, the bcrypt library actually calls pbkdf2 under the hood, where rounds=10 would be useless and dangerous. Any developer reading this code would expect it to use bcrypt as a KDF.

I saw in an old Github Issue in this repository that it was added for compatibility. Renaming the function to clear things up (or just moving it to a different repository, since it has nothing to do with bcrypt whatsoever) is probably a no-go. Rather I'd suggest something like: during a grace period, print a warning to stderr when the function is called with rounds less than, say, 100; then in a future release a year later, throw an exception when it happens.

build failed on msys/mingw64

bcrypt-3.1.3

Can't compile on msys/mingw64

Error message:

build/temp.mingw-2.7/src/_csrc/bcrypt_pbkdf.o:bcrypt_pbkdf.c:(.text+0x0): multiple definition of `_abs64'
build/temp.mingw-2.7/src/_csrc/bcrypt.o:bcrypt.c:(.text+0x0): first defined here
collect2.exe: error: ld returned 1 exit status

Corrections:

In "src/_csrc/bcrypt_pbkdf.c", re-organize:

#include <sys/types.h>
#include <stdlib.h>
#include <string.h>

#include "pycabcrypt.h"
#include "blf.h"
#include "sha2.h"

In "src/_csrc/blf.h", move #include "pycabcrypt.h":

#ifndef BLF_H
#define BLF_H

#include "pycabcrypt.h"
...
#endif

In "src/_csrc/pycabcrypt.h", add :

#ifndef PYCABCRYPT
#define PYCABCRYPT
...
#endif

No kdf() function

Hey!

py-bcrypt was providing a kdf() function but this is not the case for this module. Therefore, the compatibility with py-bcrypt is only partial. Would it be possible to provide a KDF function as well?

Release 3.1.0

Checklist:

  • Merge #81
  • Merge #79
  • Merge #76
  • Merge #75
  • Merge #84
  • Merge #86
  • Merge #87
  • Update changelog to note the wraparound compatibility fix + alpine linux compile fix + word the checkpw addition better
  • Update version to 3.1.0

Wondering if bcrypt planned to support AIX?

Hi,
I ran pip install paramiko on AIX 6.1 and an error occurred which said bcrypt doesn't support the platform.
I wonder if there is a plan to support AIX?

Thank you very much!

Update automation

Point it at the new CI server and possibly stop using invoke (copy from cryptography)

Build is failing on Alpine Linux & Python 3.5

I get a build error with the latest bcrypt release on Alpine Linux and Python 3.5:

src/_csrc/bcrypt_pbkdf.c: In function 'bcrypt_pbkdf':
src/_csrc/bcrypt_pbkdf.c:137:3: warning: implicit declaration of function 'bcrypt_hash' [-Wimplicit-function-declaration]
   bcrypt_hash(sha2pass, sha2salt, tmpout);
   ^
error: command 'gcc' failed with exit status 1

The complete output and the Dockerfile are attached. To reproduce the error you may run (after placing Dockerfile.txt to the same dir):

docker build . -f Dockerfile.txt -t bcrypt-test

error-output.txt
Dockerfile.txt

sha digest can contain NUL bytes

  1. website instructs to use sha512 digest for long password support
  2. sha512 digest can contain NUL bytes
  3. bcrypt breaks for some password, like: asdasa, whose sha512 digest contains a NUL byte
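The failure mode reported above, as an added example that is not part of the original issue or the project's code: it models a hashing API that treats its input as a NUL-terminated C string (an assumption, implemented by the hypothetical helper `as_c_string`) and compares a raw SHA-512 pre-hash with a base64-encoded SHA-256 pre-hash. The sample passwords are constructed.

```python
import base64
import hashlib

BCRYPT_MAX_BYTES = 72  # bcrypt only uses the first 72 bytes of its input


def as_c_string(data: bytes) -> bytes:
    """Model of what a NUL-terminated C API sees: everything before the first NUL."""
    return data.split(b"\x00", 1)[0]


def prehash_raw(password: bytes) -> bytes:
    """Weak form: raw SHA-512 digest (64 arbitrary bytes, any of which may be NUL)."""
    return hashlib.sha512(password).digest()


def prehash_b64(password: bytes) -> bytes:
    """Hardened form: base64 of SHA-256.

    The result is 44 printable bytes: it cannot contain a NUL and it stays
    under the 72-byte limit, so no part of the digest is dropped.
    """
    return base64.b64encode(hashlib.sha256(password).digest())


def first_nul_digest(candidates):
    """Return (password, index of first NUL) for the first candidate whose
    raw SHA-512 digest contains a NUL byte, or None if there is none."""
    for pw in candidates:
        idx = prehash_raw(pw).find(b"\x00")
        if idx != -1:
            return pw, idx
    return None


def effective_bytes(prehashed: bytes) -> int:
    """How many bytes of the pre-hash actually reach the hash function
    under the C-string model combined with the 72-byte limit."""
    return len(as_c_string(prehashed)[:BCRYPT_MAX_BYTES])


# Constructed sample inputs; roughly one raw digest in five contains a NUL.
SAMPLES = [b"sample-password-%d" % i for i in range(2000)]

if __name__ == "__main__":
    pw, idx = first_nul_digest(SAMPLES)
    print("raw digest of", pw, "is cut after", idx, "bytes")
    print("bytes used, raw sha512:   ", effective_bytes(prehash_raw(pw)))
    print("bytes used, b64(sha256):  ", effective_bytes(prehash_b64(pw)))
```

Base64 of the 64-byte SHA-512 digest would be 88 characters, which exceeds the 72-byte limit; that is why the hardened form here uses SHA-256.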

hashpw() is silently converting 2y -> 2b

As of 3.0.0, hashpw() is converting 2y -> 2b hashes. For example:

>>> import bcrypt
>>> print(bcrypt.hashpw(b"test", b"$2y$04$5BJqKfqMQvV7nS.yUguNcueVirQqDBGaLXSqj.rs.pZPlNR0UX/HK"))
b"$2b$04$5BJqKfqMQvV7nS.yUguNcueVirQqDBGaLXSqj.rs.pZPlNR0UX/HK"

For any code that's doing verification via hmac.compare_digest(hashpw(secret, hash), hash), this will result in 2y hashes never verifying correctly.

I was expecting to either get a 2y hash back, or have hashpw() throw an "invalid salt" error.
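A prefix-tolerant comparison for the situation reported above, as an added example that is not part of the original issue or the project's code. It parses the two hash strings from the report and compares them field by field, treating the `2y` and `2b` identifiers as equivalent (an assumption stated in the code); `parse_bcrypt_hash` and `hashes_match` are hypothetical helper names.

```python
import hmac
import re
from typing import NamedTuple

# $<ident>$<two-digit cost>$<22-char salt><31-char digest>
# Salt and digest use bcrypt's own base64 alphabet: ./A-Za-z0-9
_BCRYPT_RE = re.compile(
    rb"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})"
)

# Assumption: 2y and 2b name the same algorithm, so a 2y hash re-emitted
# with a 2b identifier is still the same hash.
_EQUIVALENT_IDENTS = {b"2y": b"2b"}


class BcryptHash(NamedTuple):
    ident: bytes
    cost: int
    salt: bytes    # 22 characters, encodes the 16-byte salt
    digest: bytes  # 31 characters


def parse_bcrypt_hash(value: bytes) -> BcryptHash:
    """Split a 60-byte bcrypt hash string into its fields or raise ValueError."""
    m = _BCRYPT_RE.fullmatch(value)
    if m is None:
        raise ValueError("not a well-formed bcrypt hash string")
    ident, cost, salt, digest = m.groups()
    cost_value = int(cost)
    if not 4 <= cost_value <= 31:
        raise ValueError("cost out of range")
    return BcryptHash(ident, cost_value, salt, digest)


def hashes_match(computed: bytes, stored: bytes) -> bool:
    """Compare two bcrypt hash strings, ignoring a 2y/2b identifier difference.

    Identifier and cost are public parameters; the salt and digest are
    compared with hmac.compare_digest rather than ==.
    """
    a = parse_bcrypt_hash(computed)
    b = parse_bcrypt_hash(stored)
    ident_a = _EQUIVALENT_IDENTS.get(a.ident, a.ident)
    ident_b = _EQUIVALENT_IDENTS.get(b.ident, b.ident)
    same_params = ident_a == ident_b and a.cost == b.cost
    same_body = hmac.compare_digest(a.salt + a.digest, b.salt + b.digest)
    return same_params and same_body


# The two strings from the report above.
STORED_2Y = b"$2y$04$5BJqKfqMQvV7nS.yUguNcueVirQqDBGaLXSqj.rs.pZPlNR0UX/HK"
RETURNED_2B = b"$2b$04$5BJqKfqMQvV7nS.yUguNcueVirQqDBGaLXSqj.rs.pZPlNR0UX/HK"

if __name__ == "__main__":
    print("byte-for-byte equal:", hmac.compare_digest(RETURNED_2B, STORED_2Y))
    print("prefix-tolerant    :", hashes_match(RETURNED_2B, STORED_2Y))
```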

Mac OSX Yosemite installation failure...

Please advise how to install

(pyenv2.7.10)minminsanjose ~ $ pip install bcrypt
Collecting bcrypt
  Using cached bcrypt-2.0.0.tar.gz
Requirement already satisfied (use --upgrade to upgrade): cffi>=1.1 in ./anaconda/envs/pyenv2.7.10/lib/python2.7/site-packages (from bcrypt)
Requirement already satisfied (use --upgrade to upgrade): six>=1.4.1 in ./anaconda/envs/pyenv2.7.10/lib/python2.7/site-packages (from bcrypt)
Requirement already satisfied (use --upgrade to upgrade): pycparser in ./anaconda/envs/pyenv2.7.10/lib/python2.7/site-packages (from cffi>=1.1->bcrypt)
Building wheels for collected packages: bcrypt
  Running setup.py bdist_wheel for bcrypt
  Complete output from command /Users/minminsanjose/anaconda/envs/pyenv2.7.10/bin/python -c "import setuptools;__file__='/private/var/folders/nv/4qz4kgk91rsd_28q18b_ljw00000gn/T/pip-build-wCv8BS/bcrypt/setup.py';exec(compile(open(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" bdist_wheel -d /var/folders/nv/4qz4kgk91rsd_28q18b_ljw00000gn/T/tmpPZZwmHpip-wheel-:
  running bdist_wheel
  running build
  running build_py
  creating build
  creating build/lib.macosx-10.5-x86_64-2.7
  creating build/lib.macosx-10.5-x86_64-2.7/bcrypt
  copying src/bcrypt/__about__.py -> build/lib.macosx-10.5-x86_64-2.7/bcrypt
  copying src/bcrypt/__init__.py -> build/lib.macosx-10.5-x86_64-2.7/bcrypt
  running build_ext
  generating cffi module 'build/temp.macosx-10.5-x86_64-2.7/_bcrypt.c'
  creating build/temp.macosx-10.5-x86_64-2.7
  building '_bcrypt' extension
  creating build/temp.macosx-10.5-x86_64-2.7/build
  creating build/temp.macosx-10.5-x86_64-2.7/build/temp.macosx-10.5-x86_64-2.7
  creating build/temp.macosx-10.5-x86_64-2.7/src
  creating build/temp.macosx-10.5-x86_64-2.7/src/crypt_blowfish-1.3
  gcc -fno-strict-aliasing -I/Users/minminsanjose/anaconda/envs/pyenv2.7.10/include -arch x86_64 -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -Isrc/crypt_blowfish-1.3 -I/Users/minminsanjose/anaconda/envs/pyenv2.7.10/include/python2.7 -c build/temp.macosx-10.5-x86_64-2.7/_bcrypt.c -o build/temp.macosx-10.5-x86_64-2.7/build/temp.macosx-10.5-x86_64-2.7/_bcrypt.o
  gcc: failed to exec xcrun /usr/bin/xcrun: No such file or directory
  error: command 'gcc' failed with exit status 71

  ----------------------------------------
  Failed building wheel for bcrypt
Failed to build bcrypt
Installing collected packages: bcrypt
  Running setup.py install for bcrypt
    Complete output from command /Users/minminsanjose/anaconda/envs/pyenv2.7.10/bin/python -c "import setuptools, tokenize;__file__='/private/var/folders/nv/4qz4kgk91rsd_28q18b_ljw00000gn/T/pip-build-wCv8BS/bcrypt/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /var/folders/nv/4qz4kgk91rsd_28q18b_ljw00000gn/T/pip-Yxo8pN-record/install-record.txt --single-version-externally-managed --compile:
    running install
    running build
    running build_py
    running build_ext
    generating cffi module 'build/temp.macosx-10.5-x86_64-2.7/_bcrypt.c'
    already up-to-date
    building '_bcrypt' extension
    gcc -fno-strict-aliasing -I/Users/minminsanjose/anaconda/envs/pyenv2.7.10/include -arch x86_64 -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -Isrc/crypt_blowfish-1.3 -I/Users/minminsanjose/anaconda/envs/pyenv2.7.10/include/python2.7 -c build/temp.macosx-10.5-x86_64-2.7/_bcrypt.c -o build/temp.macosx-10.5-x86_64-2.7/build/temp.macosx-10.5-x86_64-2.7/_bcrypt.o
    gcc: failed to exec xcrun /usr/bin/xcrun: No such file or directory
    error: command 'gcc' failed with exit status 71

    ----------------------------------------
Command "/Users/minminsanjose/anaconda/envs/pyenv2.7.10/bin/python -c "import setuptools, tokenize;__file__='/private/var/folders/nv/4qz4kgk91rsd_28q18b_ljw00000gn/T/pip-build-wCv8BS/bcrypt/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /var/folders/nv/4qz4kgk91rsd_28q18b_ljw00000gn/T/pip-Yxo8pN-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /private/var/folders/nv/4qz4kgk91rsd_28q18b_ljw00000gn/T/pip-build-wCv8BS/bcrypt

Find a way to not use == in the README

I don't think it's actually exploitable as a timing attack (in fact I'm pretty sure it's not), but I think it'd be good hygiene to offer a check_password function or similar and use that, so we don't have to expose a general purpose constant time comparison function.

Won't install through pip on OS/X

Hello,

I'm really struggling to find a working blowfish hashing implementation that I can use.
But I'm not able to get this installed on my dev machine, error will be posted below.
Also, in reference to issue #5 I don't get it installed on Ubuntu 13.10 as well.
Your package seems to be the best choice for this, if it would only work.

By the way, none of the bcrypt packages available through pypi will install on either the server or the dev machine.

Error:

OS/X:

Downloading bcrypt-1.0.2.tar.gz (40kB): 40kB downloaded
  Running setup.py egg_info for package bcrypt
    OS/X: confusion between 'cc' versus 'gcc' (see issue 123)
    will not use '__thread' in the C code
    clang: error: unknown argument: '-mno-fused-madd' [-Wunused-command-line-argument-hard-error-in-future]
    clang: note: this will be a hard error (cannot be downgraded to a warning) in the future
    Traceback (most recent call last):
      File "<string>", line 16, in <module>
      File "/private/tmp/pip_build_root/bcrypt/setup.py", line 104, in <module>
        "Programming Language :: Python :: 3.3",
      File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/distutils/core.py", line 112, in setup
        _setup_distribution = dist = klass(attrs)
      File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/setuptools/dist.py", line 260, in __init__
        self.fetch_build_eggs(attrs.pop('setup_requires'))
      File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/setuptools/dist.py", line 284, in fetch_build_eggs
        parse_requirements(requires), installer=self.fetch_build_egg
      File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/pkg_resources.py", line 563, in resolve
        dist = best[req.key] = env.best_match(req, self, installer)
      File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/pkg_resources.py", line 799, in best_match
        return self.obtain(req, installer) # try and download/install
      File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/pkg_resources.py", line 811, in obtain
        return installer(requirement)
      File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/setuptools/dist.py", line 327, in fetch_build_egg
        return cmd.easy_install(req)
      File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/setuptools/command/easy_install.py", line 446, in easy_install
        return self.install_item(spec, dist.location, tmpdir, deps)
      File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/setuptools/command/easy_install.py", line 476, in install_item
        dists = self.install_eggs(spec, download, tmpdir)
      File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/setuptools/command/easy_install.py", line 655, in install_eggs
        return self.build_and_install(setup_script, setup_base)
      File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/setuptools/command/easy_install.py", line 930, in build_and_install
        self.run_setup(setup_script, setup_base, args)
      File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/setuptools/command/easy_install.py", line 921, in run_setup
        raise DistutilsError("Setup script exited with %s" % (v.args[0],))
    distutils.errors.DistutilsError: Setup script exited with error: command 'cc' failed with exit status 1
    Complete output from command python setup.py egg_info:
    OS/X: confusion between 'cc' versus 'gcc' (see issue 123)

will not use '__thread' in the C code

clang: error: unknown argument: '-mno-fused-madd' [-Wunused-command-line-argument-hard-error-in-future]

clang: note: this will be a hard error (cannot be downgraded to a warning) in the future

Ubuntu 13.10, after installing python-cffi:

Downloading bcrypt-1.0.2.tar.gz (40kB): 40kB downloaded
  Running setup.py egg_info for package bcrypt
    bcrypt/__pycache__/_cffi_677459_d17cc0.c:2:20: fatal error: Python.h: No such file or directory
     #include <Python.h>
                        ^
    compilation terminated.
    Traceback (most recent call last):
      File "<string>", line 16, in <module>
      File "/tmp/pip_build_ubuntu/bcrypt/setup.py", line 28, in <module>
        from bcrypt import __about__, _ffi
      File "bcrypt/__init__.py", line 71, in <module>
        ).hexdigest()[:6],
      File "/usr/lib/python2.7/dist-packages/cffi/api.py", line 311, in verify
        lib = self.verifier.load_library()
      File "/usr/lib/python2.7/dist-packages/cffi/verifier.py", line 68, in load_library
        self.compile_module()
      File "/usr/lib/python2.7/dist-packages/cffi/verifier.py", line 56, in compile_module
        self._compile_module()
      File "/usr/lib/python2.7/dist-packages/cffi/verifier.py", line 142, in _compile_module
        outputfilename = ffiplatform.compile(tmpdir, self.get_extension())
      File "/usr/lib/python2.7/dist-packages/cffi/ffiplatform.py", line 25, in compile
        outputfilename = _build(tmpdir, ext)
      File "/usr/lib/python2.7/dist-packages/cffi/ffiplatform.py", line 50, in _build
        raise VerificationError('%s: %s' % (e.__class__.__name__, e))
    cffi.ffiplatform.VerificationError: CompileError: command 'x86_64-linux-gnu-gcc' failed with exit status 1
    Complete output from command python setup.py egg_info:
    bcrypt/__pycache__/_cffi_677459_d17cc0.c:2:20: fatal error: Python.h: No such file or directory

 #include <Python.h>

                    ^

compilation terminated.

Implement checkpw?

py-bcrypt has a checkpw function -- if we're going to claim compatibility we should have the same. cc @dstufft in case there was a reason he didn't originally add this.
